<?php exit;
		$ulih = param('ulih', '');
		if(!empty($ulih)) {
		$email = param('email');			// 邮箱或者手机号 / email or mobile
		$password = param('password');
		empty($email) AND message('email', lang('email_is_empty'));
		if(is_email($email, $err)) {
			$user = user_read_by_email($email);
			empty($user) AND message('email', lang('email_not_exists'));
		} else {
			$user = user_read_by_username($email);
			empty($user) AND message('email', lang('username_not_exists'));
		}

		!is_password($password, $err) AND message('password', $err);

if(substr($user['password'], 0, 3) == '$T$') {
// the old method
			if(!user_qt_verify_password($ulih, $user['password'],$user['salt'])) {
				message('password', lang('password_incorrect'));
			}
			//update the password
		$salt = xn_rand(16);
		$pwd = md5(md5($ulih).$salt);
user_update($user['uid'], array('password'=>$pwd, 'salt'=>$salt));
		} else {
		md5($password.$user['salt']) != $user['password'] AND message('password', lang('password_incorrect'));
		}
		// 更新登录时间和次数
		// update login times
		user_update($user['uid'], array('login_ip'=>$longip, 'login_date' =>$time , 'logins+'=>1));

		// 全局变量 $uid 会在结束后，在函数 register_shutdown_function() 中存入 session (文件: model/session.func.php)
		// global variable $uid will save to session in register_shutdown_function() (file: model/session.func.php)
		$uid = $user['uid'];
		
		$_SESSION['uid'] = $uid;
		
		user_token_set($user['uid']);
		} else {
